Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Eight financial services firms paid $190 million to settle
claims June 2 that they violated Federal and State securities laws after they
misled 5 U.S. banks into buying risky residential mortgage-backed securities
(RMBS). – Reuters See item 5 below in
the Financial Services Sector

• Officials in Collier County, Florida, announced June 5 that they
will dig up and replace more than 10,000 feet of aging, asbestos containing
water pipes as part of a $1.4 million project. – Naples Daily News

• The City of Cisco in Texas was placed under a boil water
advisory June 3 after the Cisco water treatment plant flooded the week of May
30, prompting officials to pump 300,000 gallons of partially treated water into
the city’s water towers for daily use. – Abilene Reporter-News

33. June 4,
Softpedia – (International) GhostShell leaks around 36 million records
from 110 MongoDB servers. The Romanian hacker, GhostShell reportedly leaked
36 million user records from 110 MongoDB servers online after the hacker found
5.6 gigabytes of data on the hacked server’s Internet Protocol (IP), which
contain real names, usernames, email addresses, passwords, general social media
data, and details about the user’s smartphone model, among other personal
information. The hacker revealed
that the hack was part of a campaign to raise awareness on the importance of
cyber security practices. Source: http://news.softpedia.com/news/ghostshell-leaks-around-36-million-records-from-110-mongodb-servers-504856.shtml

Financial Services Sector

5. June 2,
Reuters – (International) FDIC, banks in $190 million settlement over
risky Countrywide debt. The U.S. Federal Deposit Insurance Corporation
(FDIC) announced June 2 that 8 financial services firms paid the FDIC $190
million to settle claims that they violated Federal and State securities laws
after they misled 5 U.S. banks into buying risky residential mortgage-backed
securities (RMBS) from the former Countrywide Financial Corp., by making
material misrepresentations in the offering documents for 21 Countrywide RMBS
the financial firms underwrote from 2005 – 2007. The settlement funds will be
distributed among the five banks, which failed in 2008 and 2009 in part as a
result of the risky mortgage securities. Source: http://www.reuters.com/article/us-usa-banks-fdic-idUSKCN0YO2IU

Information Technology Sector

30. June 6,
The Register – (International) CryptXXX ransomware improves security, GUI
slurps Cisco creds. Security researchers from Proofpoint reported that the
developers behind the CryptXXX malware released new variations of the malware
that can encrypt network shares and steal account logins by using a StillerX to
steal account credentials from various software programs including Cisco
Virtual Private Networks (VPNs), Microsoft Credential Manager, and online poker
platforms after researchers found the new variant had updates to its
encryption, network share scanning, cosmetic updates, and updates to lock screen
behavior. Source: http://www.theregister.co.uk/2016/06/06/cryptxxx_proofpoint/

31. June 6,
SecurityWeek – (International) High severity DoS vulnerability patched in
NTP. NTP project released a new version of its Network Time Protocol daemon
(ntpd) patching five vulnerabilities including a high severity
denial-of-service (DoS) flaw that an off-path attacker can leverage to cause a
preemptable client association to be demobilized. Other patched flaws included
bad authentication demobilizes ephemeral associations, processing spoofed
server packets, autokey association reset, and a broadcast interleave issue. Source: http://www.securityweek.com/high-severity-dos-vulnerability-patched-ntp

32. June 6,
Softpedia – (International) New Cerber ransomware variants morph every 15
seconds. Security researchers from Invincea reported that the developers
behind the Cerber ransomware were using a technique called “malware factory” to
change the ransomware’s mode of operation to bypass basic scanning techniques
and infect computers even with antivirus products by sending out different file
hashes every 15 seconds from its command and control (C&C) server. Source: http://news.softpedia.com/news/new-cerber-ransomware-variants-morph-every-15-seconds-504896.shtml

33. June 4,
Softpedia – (International) GhostShell leaks around 36 million records
from 110 MongoDB servers. The Romanian hacker, GhostShell reportedly leaked
36 million user records from 110 MongoDB servers online after the hacker found
5.6 gigabytes of data on the hacked server’s Internet Protocol (IP), which
contain real names, usernames, email addresses, passwords, general social media
data, and details about the user’s smartphone model, among other personal
information. The hacker revealed
that the hack was part of a campaign to raise awareness on the importance of
cyber security practices. Source: http://news.softpedia.com/news/ghostshell-leaks-around-36-million-records-from-110-mongodb-servers-504856.shtml

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"